03-13-2012
One reason those methods of authentication are not considered as worthwhile is that they mean you are keeping your password or passphrase stored somewhere in the clear, or in a way a program can decrypt them without verifying you are there. But for automated things, sometimes you just have to do some of this.
I recommend using keys with ssh. You can encrypt the private keys with a passphrase that ssh-agent can open for you once (per reboot or login) and all further uses, like the overnight backup, can just get it from the agent. Or if you trust your machine's physical security (not recommended for laptops taken from home or office) just leave it unencrypted. You can also do what I do and authorize two or more extra keys at the login destination and hide extras on USB memory sticks with obscure names. Other options include having separate keys for interactive access and automated access (if the automated access key gets into someone else's hands you still have your server access via the interactive key with you; you can revoke the authentication of the other key, and put in a new one).
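The key rotation described in the post above (revoke the automated-access key, put in a new one, keep the interactive key), as an added example that is not part of the original post. The function names `has_key` and `rotate_key`, the temporary file paths and the key blobs are assumptions constructed for illustration; the blobs are placeholders, not real keys.

```shell
#!/bin/sh
# Added example, not from the original post. Key blobs are constructed
# placeholders; has_key and rotate_key are hypothetical helper names.

# has_key FILE BLOB: succeeds if an active (non-comment) entry carries BLOB.
has_key() {
    awk -v blob="$2" '
        /^[[:space:]]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == blob) { found = 1; exit } }
        END { exit !found }' "$1"
}

# rotate_key FILE OLD_PUB NEW_PUB: drop the entry whose key blob matches
# OLD_PUB, append NEW_PUB if absent, leave every other entry untouched.
rotate_key() {
    auth=$1
    old_blob=$(printf '%s\n' "$2" | awk '{ print $2 }')
    new_blob=$(printf '%s\n' "$3" | awk '{ print $2 }')
    [ -n "$old_blob" ] && [ -n "$new_blob" ] || return 2
    tmp=$(mktemp "$auth.XXXXXX") || return 1
    # Match on the base64 blob, not the comment: comments are free text and
    # an entry may carry options in front of the key type.
    awk -v blob="$old_blob" '
        /^[[:space:]]*#/ || NF == 0 { print; next }
        { for (i = 1; i <= NF; i++) if ($i == blob) next; print }' "$auth" > "$tmp" || { rm -f "$tmp"; return 1; }
    has_key "$tmp" "$new_blob" || printf '%s\n' "$3" >> "$tmp"
    # Keep the file private; sshd's StrictModes rejects files writable by others.
    chmod 600 "$tmp" && mv "$tmp" "$auth"
}

# Constructed demo: an interactive key plus an automation key being replaced.
demo() {
    dir=$(mktemp -d) && auth=$dir/authorized_keys
    interactive='ssh-ed25519 AAAAC3constructedINTERACTIVEblob me@laptop'
    old_auto='ssh-ed25519 AAAAC3constructedOLDAUTOblob backup@cron'
    new_auto='ssh-ed25519 AAAAC3constructedNEWAUTOblob backup@cron-2'
    printf '%s\n' "$interactive" "no-pty $old_auto" > "$auth"
    rotate_key "$auth" "$old_auto" "$new_auto" && cat "$auth"
    rm -rf "$dir"
}
demo
```

Running the rotation a second time leaves the file unchanged, so it is safe to repeat from a deployment script.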
SCP(1) BSD General Commands Manual SCP(1)
NAME
scp -- secure copy (remote file copy program)
SYNOPSIS
scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file] [-l limit] [-o ssh_option] [-P port] [-S program] [[user@]host1:]file1 ... [[user@]host2:]file2
DESCRIPTION
scp copies files between hosts on a network. It uses ssh(1) for data transfer, and uses the same authentication and provides the same security as ssh(1). Unlike rcp(1), scp will ask for passwords or passphrases if they are needed for authentication.
File names may contain a user and host specification to indicate that the file is to be copied to/from that host. Local file names can be
made explicit using absolute or relative pathnames to avoid scp treating file names containing ':' as host specifiers. Copies between two
remote hosts are also permitted.
The options are as follows:
-1 Forces scp to use protocol 1.
-2 Forces scp to use protocol 2.
-4 Forces scp to use IPv4 addresses only.
-6 Forces scp to use IPv6 addresses only.
-B Selects batch mode (prevents asking for passwords or passphrases).
-C Compression enable. Passes the -C flag to ssh(1) to enable compression.
-c cipher
Selects the cipher to use for encrypting the data transfer. This option is directly passed to ssh(1).
-F ssh_config
Specifies an alternative per-user configuration file for ssh. This option is directly passed to ssh(1).
-i identity_file
Selects the file from which the identity (private key) for public key authentication is read. This option is directly passed to
ssh(1).
-l limit
Limits the used bandwidth, specified in Kbit/s.
-o ssh_option
Can be used to pass options to ssh in the format used in ssh_config(5). This is useful for specifying options for which there is no
separate scp command-line flag. For full details of the options listed below, and their possible values, see ssh_config(5).
AddressFamily
BatchMode
BindAddress
ChallengeResponseAuthentication
CheckHostIP
Cipher
Ciphers
Compression
CompressionLevel
ConnectionAttempts
ConnectTimeout
ControlMaster
ControlPath
GlobalKnownHostsFile
GSSAPIAuthentication
GSSAPIDelegateCredentials
HashKnownHosts
Host
HostbasedAuthentication
HostKeyAlgorithms
HostKeyAlias
HostName
IdentityFile
IdentitiesOnly
KbdInteractiveDevices
LogLevel
MACs
NoHostAuthenticationForLocalhost
NumberOfPasswordPrompts
PasswordAuthentication
PKCS11Provider
Port
PreferredAuthentications
Protocol
ProxyCommand
PubkeyAuthentication
RekeyLimit
RhostsRSAAuthentication
RSAAuthentication
SendEnv
ServerAliveInterval
ServerAliveCountMax
StrictHostKeyChecking
TCPKeepAlive
UsePrivilegedPort
User
UserKnownHostsFile
VerifyHostKeyDNS
-P port
Specifies the port to connect to on the remote host. Note that this option is written with a capital 'P', because -p is already
reserved for preserving the times and modes of the file in rcp(1).
-p Preserves modification times, access times, and modes from the original file.
-q Quiet mode: disables the progress meter as well as warning and diagnostic messages from ssh(1).
-r Recursively copy entire directories. Note that scp follows symbolic links encountered in the tree traversal.
-S program
Name of program to use for the encrypted connection. The program must understand ssh(1) options.
-v Verbose mode. Causes scp and ssh(1) to print debugging messages about their progress. This is helpful in debugging connection,
authentication, and configuration problems.
The scp utility exits 0 on success, and >0 if an error occurs.
SEE ALSO
rcp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh_config(5), sshd(8)
HISTORY
scp is based on the rcp(1) program in BSD source code from the Regents of the University of California.
AUTHORS
Timo Rinne <tri@iki.fi>
Tatu Ylonen <ylo@cs.hut.fi>
BSD February 8, 2010 BSD